LISTING OF CLAIMS:

Claim 1 (cancelled). 

Claim 2 (currently amended) A secure cryptographic system, comprising: 

a depository system, remote from a user, having at least one server which 
stores at least one private key and a plurality of enrollment authentication data, 
wherein each enrollment authentication data identifies one of multiple users; 

an authentication engine, remote from said user, which compares 
authentication data received from one of said multiple users to enrollment 
authentication data corresponding to said one of multiple users and received from said 
depository system, thereby producing the final authentication result; 

a cryptographic engine, remote from said user, which, when said 
authentication result indicates proper identification of said one of said multiple users, 
performs cryptographic functions on behalf of said one of said multiple users using at 
least one private key received from said depository system; 

a transaction engine connected to route data from said multiple users to said 
depository server system, said authentication engine, and said cryptographic engine; 
[[and]] 

wherein said secure cryptographic system is remote from said user and said 
user is connected to the system via a communication link[[.]]

wherein said depository system further comprises a plurality of data storage 
facilities, each data storage facility having at least one server storing a substantially 
randomized portion of said private key and a substantially randomized portion of said 
plurality of enrollment authentication data, and 

wherein each substantially randomized portion is individually undecipherable.

Claim 3-4 (cancelled).

Claim 5 (previously presented) The secure cryptographic system of Claim 2, wherein 
said enrollment authentication data includes biometric data. 

Claim 6 (previously presented) The secure cryptographic system of Claim 5, wherein 
said biometric data includes finger print patterns. 

Claim 7 (previously presented) The secure cryptographic system of Claim 2, wherein 
said at least one private key corresponds to said secure cryptographic system.

Claim 8 (previously presented) The secure cryptographic system of Claim 2, wherein
said at least one private key corresponds to said one of said multiple users.

Claim 9 (previously presented) The secure cryptographic system of Claim 2, wherein
said cryptographic functions comprise one of digital signing, encryption, and 
decryption. 

Claim 10 (currently amended) A method of facilitating cryptographic functions, said
method comprising using the system of claim 2.

associating a user from multiple users with one or more keys from a plurality
of private cryptographic keys generated and stored on a remote secure server;

receiving authentication data from said user;

comparing, exclusively on said remote secure server, said authentication data
received from said user to authentication data stored on said remote secure server
corresponding to said user, thereby verifying the identity of said user; and

utilizing said one or more keys from a plurality of private cryptographic keys
to perform cryptographic functions on said remote secure server without releasing
said one or more keys from a plurality of private cryptographic keys to said user,

wherein said user is connected to said remote secure server via a
communication link.

Claim 11-13 (cancelled).

Claim 14 (currently amended) An authentication system for uniquely identifying a 
user through secure storage of said user's enrollment authentication data, said 
authentication system comprising: 

a plurality of data storage facilities, wherein each data storage facility is 
remote from said user and includes a computer accessible storage medium which 
stores one of substantially randomized data portions of enrollment authentication data; 
and 

an authentication engine which communicates with said plurality of data 
storage facilities and comprises 

a data splitting module which operates on said enrollment authentication data 
to create said substantially randomized data portions, 

a data assembling module which processes said substantially randomized data 
portions from at least two of said data storage facilities to assemble enrollment 
authentication data, and 

a data comparator module which receives current authentication data from a 
user and compares the current authentication data with the said assembled enrollment 
authentication data to determine whether said user has been uniquely identified; 
wherein said trust engine comprises an authentication system, [[and]]

wherein said trust engine is remote from said user and said user is connected
to said trust engine via a communication link[[.]]; and

wherein each substantially randomized portion is individually undecipherable.
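
An added illustration of the data splitting, data assembling and data comparator modules recited in Claim 14; it is not code from the application. It assumes XOR-based splitting in which every portion is required, a scheme the claims do not specify, and the names `AuthenticationEngine`, `split`, `assemble` and `partner_for` are hypothetical. The sample enrollment value is constructed, and real biometric matching would be approximate rather than an exact byte comparison.

```python
import hmac
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("portions must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes, n: int) -> list:
    """Data splitting module: n portions, all n required to reassemble."""
    if n < 2:
        raise ValueError("need at least two data storage facilities")
    portions = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    # Last portion = data XOR every random pad, so viewed alone it is
    # uniformly distributed as well.
    portions.append(reduce(xor_bytes, portions, data))
    return portions


def assemble(portions: list) -> bytes:
    """Data assembling module: XOR of all portions restores the data."""
    return reduce(xor_bytes, portions)


def partner_for(portion: bytes, candidate: bytes) -> bytes:
    """Portion that would combine with `portion` to give `candidate`.

    One exists for every candidate of the same length, which is why a
    single stored portion says nothing about the enrolled value.
    """
    return xor_bytes(portion, candidate)


class AuthenticationEngine:
    def __init__(self, facility_count: int = 2):
        # Each dict stands in for one remote data storage facility.
        self.facilities = [{} for _ in range(facility_count)]

    def enroll(self, user_id: str, enrollment_data: bytes) -> None:
        portions = split(enrollment_data, len(self.facilities))
        for facility, portion in zip(self.facilities, portions):
            facility[user_id] = portion

    def authenticate(self, user_id: str, current_data: bytes) -> bool:
        portions = [f.get(user_id) for f in self.facilities]
        if any(p is None for p in portions):
            return False  # unknown user or a facility lost its portion
        # Data comparator module: constant-time comparison.
        return hmac.compare_digest(assemble(portions), current_data)


if __name__ == "__main__":
    engine = AuthenticationEngine(facility_count=3)
    sample = b"constructed-enrollment-sample"  # constructed sample value
    engine.enroll("user-1", sample)
    print(engine.authenticate("user-1", sample))          # True
    print(engine.authenticate("user-1", b"wrong value"))  # False
```
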

Claim 15 (cancelled). 

Claim 16 (previously presented) The authentication system of Claim 14, wherein said
each data storage facility is logically separated from any other data storage facility.

Claim 17 (previously presented) The authentication system of Claim 14, wherein said
each data storage facility is physically separated from any other data storage facility.

Claim 18 (previously presented) The authentication system of Claim 14, further
comprising a cryptographic engine which, upon the unique identification of said user
by said authentication engine, provides cryptographic functionality to said user.

Claim 19 (previously presented) The authentication system of Claim 14, wherein said
plurality of data storage facilities comprises at least one secure server.

Claim 20 (previously presented) The authentication system of Claim 14, wherein
unique identification of said user by said authentication engine provides said user
authorization to gain access to or to operate one or more systems.

Claim 21 (previously presented) The authentication system of Claim 20, wherein said
one or more systems include one or more electronic devices.

Claim 22 (previously presented) The authentication system of Claim 20, wherein said
one or more systems include one or more computer software systems.

Claim 23 (previously presented) The authentication system of Claim 20, wherein said
one or more systems include one or more consumer electronics.

Claim 24 (previously presented) The authentication system of Claim 23, wherein said
one or more consumer electronics includes a cellular phone.

Claim 25 (previously presented) The authentication system of Claim 20, wherein said
one or more systems include one or more cryptographic systems.

Claim 26 (previously presented) The authentication system of Claim 20, wherein said
one or more systems include one or more physical locations.

Claim 27 (previously presented) The authentication system of Claim 14, wherein at
least one of said data storage facilities stores at least some of sensitive data, wherein
said at least one of said data storage facilities serves said sensitive data when said
authentication engine indicates that said user has been uniquely identified.

Claim 28 (previously presented) The authentication system of Claim 14, further
comprising a data vault which stores sensitive data, wherein said data vault serves 
said sensitive data when said authentication engine indicates that said user has been 
uniquely identified. 

Claim 29 (previously presented) The authentication system of Claim 14, wherein said 
authentication system engine outputs an indication of whether said user has been 
uniquely identified. 

Claim 30 (currently amended) A cryptographic system, comprising: 

a plurality of data storage facilities remote from a user, wherein each data 
storage facility includes a computer accessible storage medium which stores 
substantially randomized data portions of at least one private cryptographic key from 
a plurality of private cryptographic keys; and 

a cryptographic engine remote from said user which communicates with said 
plurality of data storage facilities and comprises: 

a data splitting module remote from said user which operates on said private 
cryptographic keys to create said substantially randomized data portions of at least 
one private cryptographic key, 

a data assembling module remote from said user which processes the 
substantially randomized data portions from at least two of said data storage facilities 
to assemble said at least one private cryptographic key from said plurality of private 
cryptographic keys, and 

a cryptographic handling module remote from said user which receives said 
assembled private cryptographic keys and performs cryptographic functions 
therewith, 

wherein said user is remote from said cryptographic system and is connected 
to it via a communication link[[.]]; and

wherein each substantially randomized portion is individually undecipherable.

Claim 31 (cancelled).

Claim 32 (previously presented) The cryptographic system of Claim 30, wherein said
each data storage facility is logically separated from any other data storage facility.

Claim 33 (previously presented) The cryptographic system of Claim 30, wherein said
each data storage facility is physically separated from any other data storage facility.

Claim 34 (previously presented) The cryptographic system of Claim 30, further
comprising an authentication engine which, before the cryptographic functionality
may be employed on behalf of a user, uniquely identifies said user.

Claim 35 (previously presented) The cryptographic system of Claim 30, wherein said
plurality of data storage facilities comprises at least one secure server.

Claim 36 (currently amended) A method comprising using the system of claim 14. of
storing authentication data in geographically remote secure data storage facilities
thereby protecting said authentication data against compromise of any individual data
storage facility, said method comprising:

receiving authentication data from a user at a trust engine remote from said

splitting authentication data into two or more portions with a data splitting
module remote from said user;

combining at said remote trust engine an authentication data portion with a
first substantially random value to form a first combined value;

combining a second authentication data portion with a second substantially
random value to form a second combined value;

creating a first pairing of said first substantially random value with said second
combined value;

creating a second pairing of said first substantially random value with said
second substantially random value;

storing said first pairing in a first secure data storage facility located on a
server remote from said user; and

storing said second pairing in a second secure data storage facility remote
from said user and said first secure data storage facility;

wherein said trust engine comprises multiple remote data storage facilities;
and

wherein said user is remote from said trust engine and is connected to it via a
communication link.

Claims 37-58 (cancelled).

Claim 59 (currently amended) A secure authentication system, on a remote trust 
engine, comprising: 

a depository system, remote from a user, having at least one server which 
stores at least one private key and a plurality of enrollment authentication data, 
wherein each enrollment authentication data identifies one of multiple users, wherein
said depository system further comprises a plurality of data storage facilities, each 
data storage facility having at least one server storing a substantially randomized 
portion of said private key and a substantially randomized portion of said plurality of 
enrollment authentication data; 

a plurality of authentication engines, wherein said authentication engine 
contains a data assembling module which assembles said substantially randomized 
enrollment authentication data portions[[,]] from said depository system various data
storage facilities, to form the enrollment authentication data which uniquely
identifies[[y]] a user to a degree of certainty,

wherein each authentication engine receives current authentication data to 
compare to said enrollment authentication data, and wherein each authentication 
engine generates an authentication result; 

a redundancy system which receives said authentication result of at least two 
of said authentication engines and uses said authentication results to determine 
whether said user has been uniquely identified, 

wherein the secure authentication system is part of said remote trust engine; 

[[and]] 

wherein said remote trust engine is remote from said user and said user is 
connected to said trust engine via a communication link[[.]]; and

wherein each substantially randomized portion is individually undecipherable.

Claim 60 (previously presented) The secure authentication system of Claim 59,
wherein said redundancy system determines whether said user has been uniquely
identified by following the majority of said authentication results.

Claim 61 (previously presented) The secure authentication system of Claim 59,
wherein said redundancy system determines whether said user has been uniquely 
identified by requiring said authentication results to be unanimously positive before 
issuing a positive identification. 

Claim 62 (previously presented) The secure authentication system of Claim 59, 
wherein said redundancy system includes a plurality of redundancy modules, and said 
secure authentication system further comprises: 

a plurality of geographically remote trust engines, each trust engine having one of said 
plurality of authentication engines and one of said redundancy modules, 



U.S. Serial No. 09/666,519
Attorney Dkt. No. 48556-00001

wherein the redundancy module for at least one of said plurality of trust engines 
determines whether said user has been uniquely identified using said authentication 
results from ones of said authentication engines associated with the other trust engines 
and without using said authentication results from the at least one trust engine.

Claim 63 (previously presented) The secure authentication system of Claim 62,
wherein each of said plurality of trust engines includes a depository having a
computer accessible storage medium which stores said a substantially randomized
data portions of at least one piece of said enrollment authentication data and wherein
each depository forwards said substantially randomized data portions of said
enrollment authentication data to said plurality of authentication engines.

Claim 64 (original) The secure authentication system of Claim 62, wherein said
determination of whether said user has been uniquely identified corresponds to the 
one of said redundancy modules to first determine a result. 

Claim 65 (currently amended) A trust engine system for facilitating authentication of 
a user, said trust engine system comprising: 

a first trust engine comprising a first depository, remote from a user, wherein 
said first depository includes a plurality of data storage facilities, each data storage 
facility having at least one server storing a substantially randomized portion computer
accessible storage medium which stores substantially randomized data portions of at
least one piece of enrollment authentication data from a plurality of enrollment 
authentication data corresponding to multiple users; 

a second trust engine located at a different geographic location than said first 
trust engine and comprising[[:]] a second depository having a plurality of data storage 
facilities, each data storage facility having at least one server storing a substantially 
randomized portion computer accessible storage medium which stores substantially
randomized data portions of at least one piece of said enrollment authentication data;

an authentication engine communicating with said first and second 
depositories and which assembles at least two of said substantially randomized data 
portions of at least one piece of said enrollment authentication data into a usable form; 
and 

a transaction engine communicating with said first and second depositories 
and said authentication engine, 

wherein when said second trust engine is determined to be available to execute 
a transaction, said transaction engine receives authentication data from a user and 
forwards a request for a data assembling module to assemble said enrollment
authentication data from substantially randomized data portions, and wherein said 
authentication engine compares said authentication data from said user and enrollment 
authentication data assembled from said first and second depositories, and determines 
an authentication result, 

wherein said first and second trust engines are remote from said user and said 
user is connected to said trust engines via a communication link[[.]]; and

wherein each substantially randomized portion is individually undecipherable.

Claim 66 (previously presented) The trust engine system of Claim 65, wherein said
determination of whether said second trust engine is available to execute said 
transaction includes a determination of whether said second trust engine is within 
geographic proximity to said user. 

Claim 67 (previously presented) The trust engine system of Claim 65, wherein said 
determination of whether said second trust engine is available to execute said 
transaction includes a determination of whether said second trust engine is currently 
servicing a light system load. 

Claim 68 (previously presented) The trust engine system of Claim 65, wherein said 
determination of whether said second trust engine is available to execute said 
transaction includes a determination of whether said second trust engine is currently 
scheduled for maintenance. 

Claim 69 (previously presented) The trust engine system of Claim 65, wherein said 
first and second trust engines are determined to be available, and an authentication 
result for said trust engine system follows said first of said first and second trust 
engines to produce said authentication result.

Claim 70-74 (cancelled).

Claim 75 (new) A method comprising using the system of claim 30.

Claim 76 (new) A method comprising using the system of claim 59.

Claim 77 (new) A method comprising using the system of claim 65.